I am finally ready to set up the MikroTik CCR router with the home ISP gateway router.
I am trying to set up IP passthrough, but I am not sure where to find the MikroTik public WAN IP address.
Is anyone willing to point out how to navigate to where this IP address will be?
When AT&T’s oddball IP passthrough mode is enabled, you don’t have two routers. You have a router and a fiber-to-Ethernet media converter, generically called a modem.
It’s an important distinction because the AT&T box isn’t doing routing any more. Thus, it is not a router. If it were otherwise, you’d be asking about double NAT, which is both a problem and a solution, depending on how you look at it and what your needs are.
I believe what you’re asking for is how to make the RouterOS box get a public IP. Assuming you don’t have a static IP from AT&T, you have to enable the DHCP client on the WAN-facing interface. RouterOS doesn’t blindly solicit IPs and DNS servers and routes and everything else you can get over DHCP out of the box. That would be a potential security disaster. DHCP should transit only the links where it’s expected and necessary, but deciding which that is is up to you.
Beware that the road you’re going down is dangerous if not done under expert guidance. By putting your ISP modem into that passthru mode, you’re exposing everything plugged directly into it to the big bad Internet. RouterOS doesn’t ship configured for security. The box ships naked, and it’s best set up and tested before you expose it to the Internet, on a private LAN.
Yup, yeah, I know the ISP router will no longer do routing after this setup; well aware of that.
I do have a static IP block, so how do I set up the MikroTik router to use the static IP I have?
So I have now added the static IP to the MikroTik.
All looks good: I added the gateway IP, DNS server and route to the internet, and I can route to the internet.
I can ping google.com and so on.
BUT the ISP router is still working as a router. What is going on?
Am I doing something wrong?
I thought the ISP gateway router would no longer function as a router and the MikroTik router would be the router now.
So why is this happening? Or am I missing another setting somewhere?
Most networked devices nowadays (wired, wireless, …) use the DHCP protocol to discover network settings (own IP address, gateway, DNS servers) … and most routers given out by ISPs have a DHCP server configured (because most users don’t know much about networking).
Users who know a bit of networking then change things according to their wishes. Others either use whatever the ISP offers or get (hire) somebody to configure things for them.
Without you telling us exactly in what way the ISP device is still acting as a router, I’m guessing you set up the CCR in parallel to the rest of the devices. If that’s not the case, then provide us with the current network layout and a text export of your CCR. And write details about how your ISP router is configured. Some ISP layouts mean that their router at your premises cannot be replaced by your own equipment (without them reconfiguring part of their access network).
I am trying to understand where the problem is…
If you have a static IP block given to you by your ISP, a /27 as you said (32 available addresses from which the first is the network address and the last the broadcast address), then you assign (usually) the second available host address to the ethernet interface connected to your ISP.
And I do say usually because I can’t be sure about that… one of the addresses belonging to the /27 is used by your ISP’s equipment. You should ask them which address they use, because that address will be used as your gateway in your default route…
After you assign that address, you will have to masquerade, or even better source-nat (since you know the IP), under ip firewall nat…
But unless I see a topology diagram (even a simple one), as @mkx suggested too, and the configuration currently used, I can only make assumptions, which is not that good…
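The steps described in the reply above (static address on the WAN port, default route via the ISP's address, source NAT), combined with the earlier advice to secure the router before exposing it, as an added RouterOS example that is not any poster's configuration. The WAN port name `ether1`, the 203.0.113.0/27 block and the gateway 203.0.113.1 are assumed placeholder values; 192.168.11.0/24 is the management subnet mentioned in the thread.

```routeros
# Added example. All public addresses are constructed documentation values.
# Assumed: ether1 = WAN port, ISP gateway = 203.0.113.1 (confirm with the ISP),
# router = 203.0.113.2, LAN = 192.168.11.0/24.

# 1. Firewall first, while the router is still on a private LAN.
#    Rules are evaluated top to bottom, so the order below matters.
/ip firewall filter
add chain=input connection-state=established,related action=accept comment="replies to the router's own traffic"
add chain=input connection-state=invalid action=drop
add chain=input protocol=icmp action=accept comment="allow ping to the public IP"
add chain=input in-interface=ether1 action=drop comment="no management access from WAN"
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=ether1 connection-state=new connection-nat-state=!dstnat action=drop comment="no unsolicited inbound to LAN"

# 2. Static public address on the WAN-facing interface.
/ip address
add address=203.0.113.2/27 interface=ether1 comment="static public IP"

# 3. Default route via the address the ISP uses inside the /27.
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1

# 4. Source NAT for the private subnet; src-nat rather than masquerade
#    because the public address is fixed and known.
/ip firewall nat
add chain=srcnat src-address=192.168.11.0/24 out-interface=ether1 action=src-nat to-addresses=203.0.113.2

# 5. Check the result: address, default route, and rule hit counters.
/ip address print where interface=ether1
/ip route print where dst-address=0.0.0.0/0
/ip firewall filter print stats
```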
There are two explanations. Either you’ve set the public IP address on your Mikrotik’s WAN interface in parallel to some other one (you can even have a dhcp client and multiple manually configured addresses attached to the same interface), or the ISP’s device indeed has that public subnet at its LAN side, while its own WAN IP address is actually different and the public subnet is routed via that device’s WAN IP.
If it is the latter case, it might still be possible to switch the ISP’s device to bridge mode, but depending on how the routing of that /27 is configured in the ISP’s core, it might be complicated. I’ve seen ISPs asking the client to advertise the public subnet granted to them using a dynamic routing protocol.
If you can have the public IPs directly on your router and traffic from the internet can reach them, there is no reason to insist on removing the routing functionality from the ISP device.
I have assigned a static public IP from what I purchased from the ISP, and I can reach my MikroTik router via the static public IP fine.
That is already done; I can ping the internet from the CCR router fine also.
I am already setting up my VLANs and connecting the 2 x CRS switches also.
The only thing I am not sure about is that my ISP router is still working as a router; as a matter of fact, I am typing this post via the wireless of the ISP router.
So I am not sure why people keep saying that after IP passthrough is set up I can’t access the ISP router anymore; I still CAN, and I can at the ISP local IP still.
So at the moment, I am just thinking how to mikrotik private network
I have an Audience device I will be connecting soon, so maybe I will now be able to get to the MikroTik private network by connecting to the Audience device connected to the MikroTik.
I have been able to set up a route to the internet using the static public IP.
The CCR2004 can route to the internet with the public IP,
but the CRS switches are not able to route to the internet.
I created a route to the internet using the private IP of management as gateway, but I still cannot route to the internet from the CRS switches.
I can ping the CCR2004 router on its IP from management VLAN1 at 192.168.11.254 from the CRS switches (192.168.11.253 and 192.168.11.253) and vice versa,
but I just cannot ping the internet from the CRS switches.
There are many ways how the ISP may set up things. The “bridge” or “passthrough” mode of the ISP device is only strictly required in cases where the ISP uses PPPoE and you want to run the PPPoE client at your own router rather than at the ISP’s one. In your case, it may not be like that, but it’s still not clear to me whether, with your current setup, you can see incoming packets to the public IP on your 2004 if you send them from the internet (e.g. by entering that address into a browser on your mobile phone connected via the mobile network, not WiFi). This is the only proof that the public subnet is configured properly at both ends.